Low Quality Assurance (QA) iframe campaign linked to May’s Indian government Web site compromise spotted in the wild

We’ve intercepted a currently trending malicious iframe campaign affecting hundreds of legitimate Web sites. Interestingly, it’s part of the very same infrastructure covered in the May 2013 analysis of the compromise of an Indian government Web site. The good news? Not only have we got you proactively covered, but the iframe domain is also currently redirecting to a client-side exploit serving URL that’s offline. Let’s provide some actionable intelligence on the malicious activity that is known to have originated from the same iframe campaign in the past month, indicating that the cybercriminal(s) behind it are actively working on multiple fronts.

iframe URL: karenbrowntx.com – 98.124.198.1

Client-side exploits serving redirector: hxxp://ww2.taylorgram.com/main.php?page=3081100e9fdaf127 – known to have responded to 31.171.133.163 and most recently to 184.168.221.20
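For site owners who want to check their own pages against the two hosts listed above, here is an added example that is not part of the original post. It parses HTML and reports any iframe whose `src` resolves to one of those hosts. The function names, the subdomain-matching rule and the sample page are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hosts taken from the indicators listed in this post.
IOC_HOSTS = {"karenbrowntx.com", "ww2.taylorgram.com"}

def host_of(src):
    """Return the lowercase host of an iframe src, or '' if it has none."""
    src = src.strip()
    if src.lower().startswith("hxxp"):   # refang defanged URLs
        src = "http" + src[4:]
    if src.startswith("//"):             # protocol-relative src
        src = "http:" + src
    try:
        host = urlsplit(src).hostname or ""
    except ValueError:                   # malformed netloc
        return ""
    return host.rstrip(".").lower()      # drop a trailing root dot

def is_ioc(host):
    # Assumption: subdomains of a listed host count as matches too.
    return any(host == h or host.endswith("." + h) for h in IOC_HOSTS)

class IframeFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        if tag != "iframe":
            return
        src = dict(attrs).get("src") or ""
        host = host_of(src)
        if is_ioc(host):
            self.hits.append((self.getpos()[0], host, src))

def scan_html(text):
    """Return (line, host, raw src) for each iframe pointing at an IoC host."""
    finder = IframeFinder()
    finder.feed(text)
    finder.close()
    return finder.hits

# Constructed sample page, not taken from a real affected site.
SAMPLE = """<html><body>
<p>Welcome</p>
<iframe src="http://video.example.org/embed/x"></iframe>
<IFRAME SRC="//KarenBrownTX.com/" width=1 height=1></IFRAME>
<iframe src="http://notkarenbrowntx.com/"></iframe>
</body></html>"""
```

Iframes written by script at run time (for example through `document.write`) are not visible to a static parse like this one, so a clean result here does not rule out script-based injection.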